On 11/16/2020 6:52 AM, Stuart Henderson wrote:
>
> ...actually I have now added a workaround to the databases/openldap port
> in 6.8-stable to disable TLS 1.3, so either rebuild or wait for -stable
> packages and it should fix things.

Cool, I was actually already building from source in order to enable
modules. I updated my ports tree and rebuilt, looks good now, thanks
much for the quick fix.

It still does behave a little bit differently; under 6.7 it was
including the root CA in the chain sent by the server, under 6.8 it is
only including the intermediate, not the root. Which I actually prefer,
as sending the root is a waste of time, the client needs to have that
itself anyway in order to validate the chain in the first place.